When initiating a VPNC connection, NetworkManager spawns a new vpnc
process and passes the configuration via STDIN. By injecting a special
character into a configuration parameter, an attacker can coerce
NetworkManager to set the Password helper option to an attacker
controlled executable file.

Impact

A local attacker is able to escalate privileges via a specially crafted
configuration file.

Workaround

There is no known workaround at this time.

Resolution

All NetworkManager VPNC plugin users should upgrade to the latest
version: